Ethereal-users: Re: R: [Ethereal-users] Re: R: [Ethereal-dev] Remote online packet capture?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ed Warnicke <hagbard@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 25 Oct 2000 08:27:31 -0400 (EDT)
How about a more standards-compliant, RFC 2396 (the URI RFC) based
solution?

If we tentatively refer to your protocol as the Remote Packet Capture 
Protocol and abbreviate it as rpcp, then an appropriate scheme name 
would naturally be rpcp and one could write its URI as:

rpcp://<machine_name>/<interface_name>

so eth0 on example.com would be 

rpcp://example.com/eth0

Additionally then one could encode the filter string for libpcap as 
either a URI parameter or URI query.  So if one wanted only 
port 23 from eth0 on example.com captured one could either use:

rpcp://example.com/eth0;pcapfilter=tcp%40port%4023

(the parameter version) (the %40 is an escaped space).

or 

rpcp://example.com/eth0?pcapfilter=tcp%40port%4023

(the query version).

Ed

On Wed, 25 Oct 2000, Loris Degioanni wrote:

> Perhaps other solutions are better than this one.
> What about "\\machine\interfacename"?
> 
> Loris.
> 
> -----Original Message-----
> From: Guy Harris <guy@xxxxxxxxxx>
> To: Loris Degioanni <loris@xxxxxxxxxxxxxxxxxxxxxxx>
> Cc: Mark Atwood <mra@xxxxxxxxx>; <ethereal-dev@xxxxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
> Sent: Tuesday, 24 October 2000 1.10
> Subject: [Ethereal-users] Re: R: [Ethereal-dev] Remote online packet capture?
> 
> 
> > > This allows applications written over winpcap/libpcap to
> > > transparently capture from a remote host if linked with this remote
> > > version: they need only to specify the name of the adapter with a proper
> > > syntax (for example "machinename:adaptername") in pcap_open_live, and
> > > the capture is routed to the remote agent.
> > 
> > The Ethereal code to get a list of interfaces skips addresses that begin
> > with "dummy", or that included a ":", saying that the latter are
> > "Solaris virtuals"; I infer from
> > 
> > http://bugs.apache.org/index.cgi/full/1540
> > 
> > that the syntax of a Solaris virtual interface is "<interface name>:<number>".
> > 
> > This means that a "machinename:adaptername" syntax *might* be
> > indistinguishable from a virtual interface name, although I don't know
> > whether Ethereal omits the virtual interfaces because you can't capture
> > on them, because you wouldn't want to capture on them, or for some other
> > reason, so I don't know whether simply treating all device names with
> > colons as remote interface names would work.
> > 
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
>
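
A parser for the device-name forms discussed in this thread, as an added example that is not part of the original messages or of Ethereal/libpcap code: it separates plain local names (including Solaris-style `<interface name>:<number>` virtuals) from `rpcp://` URIs and accepts the filter as either a parameter or a query. The function name `parse_capture_source`, the allowed interface characters and the filter length cap are assumptions; the constructed inputs use `%20`, the RFC 2396 escape for a space.

```python
import re
from urllib.parse import urlsplit, unquote

SCHEME = "rpcp"  # tentative scheme name from the message above
# Assumption: interface names are short tokens, optionally "<name>:<number>".
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}(:\d{1,4})?")
MAX_FILTER_LEN = 256  # assumption: arbitrary cap chosen for this example


def parse_capture_source(device):
    """Return (host, interface, pcapfilter); host is None for a local device."""
    if "://" not in device:
        # Plain local name, including Solaris-style virtuals such as "le0:1".
        if not IFACE_RE.fullmatch(device):
            raise ValueError("bad local interface name")
        return (None, device, None)

    parts = urlsplit(device)
    if parts.scheme != SCHEME:
        raise ValueError("unsupported scheme")
    if not parts.hostname or "@" in parts.netloc or parts.fragment:
        raise ValueError("bad authority or unexpected fragment")

    # Path is "/<interface>" with an optional ";pcapfilter=..." parameter.
    iface_raw, _, param = parts.path[1:].partition(";")
    interface = unquote(iface_raw)
    if not IFACE_RE.fullmatch(interface):
        raise ValueError("bad interface name")

    # Accept the filter as a URI parameter or a URI query, but not both.
    given = [s for s in (param, parts.query) if s]
    if len(given) > 1:
        raise ValueError("filter given twice")
    pcapfilter = None
    if given:
        key, _, value = given[0].partition("=")
        if key != "pcapfilter":
            raise ValueError("unknown parameter")
        # Decode first, then validate: the decoded text is what a remote
        # agent would hand to the filter compiler.
        pcapfilter = unquote(value)
        if not 0 < len(pcapfilter) <= MAX_FILTER_LEN or any(
            not 32 <= ord(c) < 127 for c in pcapfilter
        ):
            raise ValueError("bad filter string")
    return (parts.hostname, interface, pcapfilter)
```

Because the remote form is recognised only by its `rpcp://` prefix, a name such as `le0:1` is never mistaken for a host and adapter pair.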